Journal Article

Secure State Estimation against Sensor Attacks in the Presence of Noise

TL;DR: This paper considers the problem of estimating the state of a noisy linear dynamical system when an unknown subset of sensors is arbitrarily corrupted by an adversary. It proposes a secure state estimation algorithm and derives (optimal) bounds on the achievable state estimation error given an upper bound on the number of attacked sensors.
Abstract: We consider the problem of estimating the state of a noisy linear dynamical system when an unknown subset of sensors is arbitrarily corrupted by an adversary. We propose a secure state estimation algorithm, and derive (optimal) bounds on the achievable state estimation error given an upper bound on the number of attacked sensors. The proposed state estimator involves Kalman filters operating over subsets of sensors to search for a sensor subset which is reliable for state estimation. To further improve the subset search time, we propose Satisfiability Modulo Theory based techniques to exploit the combinatorial nature of searching over sensor subsets. Finally, as a result of independent interest, we give a coding theoretic view of attack detection and state estimation against sensor attacks in a noiseless dynamical system.
Citations
Journal Article
TL;DR: This article reviews previous work on physics-based anomaly detection based on a unified taxonomy that makes it possible to identify limitations and unexplored challenges and to propose new solutions.
Abstract: Monitoring the “physics” of cyber-physical systems to detect attacks is a growing area of research. In its basic form, a security monitor creates time-series models of sensor readings for an industrial control system and identifies anomalies in these measurements to identify potentially false control commands or false sensor readings. In this article, we review previous work on physics-based anomaly detection based on a unified taxonomy that allows us to identify limitations and unexplored challenges and to propose new solutions.

383 citations

Journal Article
TL;DR: A survey of systems and control methods proposed for the security of Cyber-Physical Systems, a field that has recently garnered increased attention, classifies these methods into three categories based on the type of defense proposed against the cyberattacks: prevention, resilience, and detection & isolation.

312 citations

Journal Article
TL;DR: The aim of this paper is to find the so-called insecurity conditions under which the estimation system is insecure in the sense that there exist malicious attacks that can bypass the anomaly detector but still lead to unbounded estimation errors.

279 citations

Journal Article
TL;DR: This paper surveys the literature on security aspects of CPSs and presents some of the existing methods for detecting cyber attacks, namely denial of service (DoS), deception, and replay attacks.

164 citations

Journal Article
TL;DR: An attack-resilient, provably correct state estimation algorithm is developed that admits a fully distributed implementation, and a notion of 'strong-robustness' that captures both measurement and communication redundancy is introduced.

96 citations

References
Journal Article
TL;DR: This paper surveys a number of methods for the detection of abrupt changes in stochastic dynamical systems, focusing on the class of linear systems, but the basic concepts carry over to other classes of systems.

2,416 citations

Journal Article
TL;DR: A new simple characterization of the maximum number of attacks that can be detected and corrected as a function of the pair (A,C) of the system is given and it is shown that it is impossible to accurately reconstruct the state of a system if more than half the sensors are attacked.
Abstract: The vast majority of today's critical infrastructure is supported by numerous feedback control loops and an attack on these control loops can have disastrous consequences. This is a major concern since modern control systems are becoming large and decentralized and thus more vulnerable to attacks. This paper is concerned with the estimation and control of linear systems when some of the sensors or actuators are corrupted by an attacker. We give a new simple characterization of the maximum number of attacks that can be detected and corrected as a function of the pair $(A,C)$ of the system and we show in particular that it is impossible to accurately reconstruct the state of a system if more than half the sensors are attacked. In addition, we show how the design of a secure local control loop can improve the resilience of the system. When the number of attacks is smaller than a threshold, we propose an efficient algorithm inspired by techniques in compressed sensing to estimate the state of the plant despite attacks. We give a theoretical characterization of the performance of this algorithm and we show on numerical simulations that the method is promising and allows the state to be reconstructed accurately despite attacks. Finally, we consider the problem of designing output-feedback controllers that stabilize the system despite sensor attacks. We show that a principle of separation between estimation and control holds and that the design of resilient output feedback controllers can be reduced to the design of resilient state estimators.

1,199 citations

Proceedings Article
30 Sep 2009
TL;DR: This paper analyzes the effect of replay attacks on a control system and proposes a countermeasure that guarantees a desired probability of detection by trading off either detection delay or LQG performance, either by decreasing control accuracy or increasing control effort.
Abstract: This paper analyzes the effect of replay attacks on a control system. We assume an attacker wishes to disrupt the operation of a control system in steady state. In order to inject an exogenous control input without being detected the attacker will hijack the sensors, observe and record their readings for a certain amount of time and repeat them afterwards while carrying out his attack. This is a very common and natural attack (we have seen numerous times intruders recording and replaying security videos while performing their attack undisturbed) for an attacker who does not know the dynamics of the system but is aware of the fact that the system itself is expected to be in steady state for the duration of the attack. We assume the control system to be a discrete-time linear time-invariant Gaussian system applying an infinite horizon Linear Quadratic Gaussian (LQG) controller. We also assume that the system is equipped with a $\chi^2$ failure detector. The main contributions of the paper, beyond the novelty of the problem formulation, consist in 1) providing conditions on the feasibility of the replay attack on the aforementioned system and 2) proposing a countermeasure that guarantees a desired probability of detection (with a fixed false alarm rate) by trading off either detection delay or LQG performance, either by decreasing control accuracy or increasing control effort.

827 citations

Book
01 Jan 2002
TL;DR: This paper presents codes and algorithms for majority decoding based on the Fourier transform, as well as algorithms based on graphs, for linear block codes and beyond BCH codes.
Abstract: The need to transmit and store massive amounts of data reliably and without error is a vital part of modern communications systems. Error-correcting codes play a fundamental role in minimising data corruption caused by defects such as noise, interference, crosstalk and packet loss. This book provides an accessible introduction to the basic elements of algebraic codes, and discusses their use in a variety of applications. The author describes a range of important coding techniques, including Reed-Solomon codes, BCH codes, trellis codes, and turbocodes. Throughout the book, mathematical theory is illustrated by reference to many practical examples. The book was first published in 2003 and is aimed at graduate students of electrical and computer engineering, and at practising engineers whose work involves communications or signal processing.

687 citations

Journal Article
TL;DR: The integration of cybertechnologies with physical processes increases system efficiencies and, at the same time, introduces vulnerabilities that undermine the reliability of critical infrastructures.
Abstract: Cyberphysical systems integrate physical processes, computational resources, and communication capabilities. Cyberphysical systems have permeated modern society, becoming prevalent in many domains, including energy production, health care, and telecommunications. Examples of cyberphysical systems include sensor networks, industrial automation systems, and critical infrastructures such as transportation networks, power generation and distribution networks, water and gas distribution networks, and advanced manufacturing systems. The integration of cybertechnologies with physical processes increases system efficiencies and, at the same time, introduces vulnerabilities that undermine the reliability of critical infrastructures. As recently highlighted by the Maroochy water breach in March 2000 [1], multiple recent power blackouts in Brazil [2], the SQL Slammer worm attack on the Davis-Besse nuclear plant in January 2003 [3], the StuxNet computer worm in June 2010 [4], and various industrial security incidents [5], cyberphysical systems are prone to failures and attacks on their physical infrastructure and cyberattacks on their data management and communication layer [6], [7].

326 citations